
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Dec 2023 — app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. • https://github.com/MISP/MISP/commit/92888b1376246c0f20c256aaa3c57b6f12115fa1

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Dec 2023 — app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. • https://github.com/MISP/MISP/commit/dc73287ee2000476e3a5800ded402825ca10f7e8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Aug 2023 — An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. • https://github.com/MISP/MISP/commit/09fb0cba65eab9341e81f1cbebc2ae10be34a2b7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Aug 2023 — MISP 2.4.174 allows XSS in app/View/Events/index.ctp. • https://github.com/MISP/MISP/commit/0274f8b6332e82317c9529b583d03897adf5883e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Feb 2023 — app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. • https://github.com/MISP/MISP/commit/1edbc2569989f844799261a5f90edfa433d7dbcc • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Feb 2023 — MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. • https://github.com/MISP/MISP/commit/a73c1c461bc6f8a048eae92b5e99823afd892d1e • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. • https://github.com/MISP/MISP/commit/93bf15d3bd703a32ebfe86cb6c1c9b735cf23e30

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. • https://github.com/MISP/MISP/commit/a46f794a136001101cbec84fccf3cc824e983493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2023 — In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. • https://github.com/MISP/MISP/commit/72c5424034c378583d128fc1e769aae33fb1c8b9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Apr 2022 — An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. • https://github.com/MISP/MISP/commit/0108f1bde2117ac5c1e28d124128f60c8bb09a8e • CWE-502: Deserialization of Untrusted Data